General

  • Target

    db3b886ffd269fb799e29c5cffa9f5c2

  • Size

    1019KB

  • Sample

    240321-kyjhzahd4v

  • MD5

    db3b886ffd269fb799e29c5cffa9f5c2

  • SHA1

    9008b552a083e5e6c31d601d99629d54a2b86adf

  • SHA256

    e5087564339ba6df9121621508233b27e2cac0ef94afa68a3dc777792bc18389

  • SHA512

    078f27749799daa0a58f8290342472d2294ba3f27e2bf61e5b2c092dd1aabc9fa9a2f901e020984d34877ea3e44f5018c7f47d56ce5130f1adf536702ffab51a

  • SSDEEP

    24576:7qIQra4bfmdIVm9nrt8eeQRwjqZ7QC00iWV/Nm/y12NhmFppW:2IWauf94dRheQR/5x00wyY0ppW

Score
10/10

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

n58i

Decoy

Targets

    Score
    10/10
    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader payload

    • Suspicious use of SetThreadContext
